<?php
  if (strpos($_SERVER['PHP_SELF'],basename(__FILE__)) !== false) {
  print "Direct module access forbidden.";exit;}
  
  if (!is_employee()) {
    redirect();
  }
  
  // reset user's password
  if(!empty($_GET['uid']) and $_GET['newpass'] == "TRUE"){
      reset_passwd($_GET['uid']);
  }
  
  $links[] = array(
      "txt"   => "Reset Password",
      "url"   => "?module=users&action=view&uid=".$_GET['uid']."&newpass=TRUE"
  );
  
  $sql  = "UPDATE ";
  $sql .= "users ";
  $sql .= "set hidden=1 ";
  $sql .= "WHERE userid='".$_GET['uid']."'";
  $dbi->query($sql);
  
  redirect ("?module=users");
?>
